package com.spmsys.filter;

import com.alibaba.fastjson.JSONObject;
import com.spmsys.service.Auth;
import com.spmsys.util.ServletUtil;
import jakarta.servlet.*;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Locale;
import java.util.TimeZone;

@WebFilter(filterName = "DatabaseFilter", urlPatterns = "/controller/app/database/*")
public class D_DatabaseFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        System.out.println("DatabaseFilter");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            //获取当前时间
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss 'GMT'", Locale.US);
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
            //设置字符集、接受所有跨域请求、设置时间
            httpServletResponse.setContentType("application/json;charset=utf-8");
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "*");
            httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
            httpServletResponse.setHeader("Date", simpleDateFormat.format(Calendar.getInstance().getTime()));
            //获取请求
            JSONObject requestData = ServletUtil.getRequestBody(httpServletRequest);
            String tableName = requestData != null ? requestData.getString("tableName") : null;
            String methodName = (httpServletRequest.getRequestURI().lastIndexOf("database/") + 9) < httpServletRequest.getRequestURI().length() ? httpServletRequest.getRequestURI().substring(httpServletRequest.getRequestURI().lastIndexOf("database/") + 9) : null;
            methodName = methodName != null ? (methodName.substring(0, 1).toLowerCase() + methodName.substring(1)) : null;
            //获取登录信息
            HttpSession httpSession = httpServletRequest.getSession();
            Auth auth = (Auth) httpSession.getAttribute("auth");
            if (tableName == null || methodName == null) {
                System.out.println("参数错误");
                throw new RuntimeException("参数错误");
            }
            if (!auth.databaseAuth(tableName, methodName)) {
                System.out.println("无权限操作" + tableName + "表的" + methodName + "方法");
                throw new RuntimeException("无权限操作" + tableName + "表的" + methodName + "方法");
            }
            System.out.println("鉴权成功");
            //放行
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            JSONObject responseData = new JSONObject();
            responseData.put("errorCode", "DATABASE_FILTER_FAIL");
            responseData.put("errorMessage", e.getMessage());
            PrintWriter printWriter = httpServletResponse.getWriter();
            printWriter.println(responseData);
            printWriter.close();
            e.printStackTrace();
        }
    }
}
